Proof That Any iPhone App With Camera Permission Can Secretly Record You


The researcher notes that granting camera permission will enable apps to access both the front and the back camera of your device.

The Next Web
Waking Times Media

This is pretty disturbing. Google engineer Felix Krause has detailed an alarming privacy setting in Apple’s iOS that enables iPhone apps with camera permission to surreptitiously take photos and videos of you – without your knowledge.

Clarification: Krause has since contacted TNW to clarify that he conducts his security research work during off-hours and independently of Google.

The researcher notes that granting camera permission will enable apps to access both the front and the back camera of your device, photograph and record you at any time the app is in the foreground, upload this content immediately, and run real-time face detection to read your facial expressions.

All of this without any notice or indication that your iPhone is snapping images of your face. No sound, no light, no LEDs.

Krause has shared a short demonstration of the documented issue on YouTube. Check it out below:

The most troubling concern here is that this is how this privacy setting is expected to work by design. Indeed, all signs seem to suggest this is yet another case of the trite “It’s a feature, not a bug” conundrum.

The most pressing issue is that anybody who chooses to exploit these permissions could scrape image data to locate users, find other existing photos of the device’s owner, and even watch you while you’re sitting on the toilet and livestream this spectacle for others to see.

Krause says there is little you can do to prevent this; though there are a few options, none of them would make for a particularly smooth and streamlined user experience.

One possibility is to equip your camera with covers. You can find numerous such accessories on Amazon. That, or you can revoke camera access for all apps – but not without sacrificing some app functionality in the meanwhile, like taking and sending photos straight from apps.

The Googler has since disclosed this complication to Apple. He also took a moment to offer some tips on how the Big A can handle this issue in a more responsible manner. One such solution, for example, would be to make camera permissions temporary – or at least add indicators to notify when the device is recording.

Interestingly, earlier this year Google discovered technical inconsistencies or vulnerabilities in competitors’ products on a number of occasions. Over the past twelve months, the Big G found critical bugs in antivirus software for Macs as well as glaring flaws in Microsoft’s Edge and Internet Explorer browsers.

In the meantime, those curious to go through Krause’s disclosure in more detail can peruse his full blog post here.

Views: 118

Reply to This

Replies to This Discussion

Disturbing, but not surprising.

Whether it's Apple, Google, Facebook or any other platform, if you have a smart phone, tablet or TV or the Amazon Echo, Alexa, etc - you are probably being spied on one way or another. App permissions are not always clear; there is no full disclosure even when you read the fine print.

My son is running a security camera system that he can monitor from his smartphone.  One day he was checking his FB feed and FB suggested a picture to share - it was a screenshot taken from the security camera feed!  He didn't take the screenshot.  FB accessed his media files (or the security camera app), somehow grabbed a screenshot and suggested it to post to FB.  FB app permissions include access to media files so we can share pictures and videos - that makes sense.  They don't tell you they can invade media (and possibly other apps) as they please. This incident was particularly disturbing.

We've both had experiences of saying a particular word then getting targeted ads on Youtube about that word - even though it was never typed into the smartphone or a message.  The microphones are just as much spyware as cameras are.  In this case it had to be initiated by the android-google account ties.  It's annoying, but worse it's an invasion of privacy.  Many of us are sacrificing our privacy for convenience... I suspect there will come a day when the privacy issue will make some of us drop "smart" anything.  Some already have.  The way technology is going I also suspect that it will become impossible to find things that don't have "smart" capabilities built in (try to find a TV that isn't "smart" - it's hard). 

The argument of "if you don't have anything to hide there is nothing to worry about" is not an argument at all. Those are just words to make people complacent about what's going on.  For now I'll live with it, cover cameras, etc but I'll continue to stay away from Apple.

We have stopped buying any appliances Rose - no cells and no tv in this house.  We have an accommodation property for large groups.  The kids get here and have no signal, no TV, no electronic toys, so after their initial WTF!?  they get on with the business of being children.  Swimming, tree climbing, kayaking, fishing, caving, horse riding...   it's a no brainer

No smart TV in my house = shitloads gets done ;)

That's great Rose!  People really can adapt to life without the internet - even though they don't think so.  All of the outdoor activities you have available for the kids are wonderful and it must be great to see them enjoy themselves.

TBH, I have a very old TV but don't really use it since I don't have cable - gave that up a few years ago. I'll connect a PC through HDMI if I really want to wind down with a movie on a "big" screen in the evening... but usually I just watch an old movie streaming on a tablet.  Or read.

At the moment no one else is living here, so it's my opportunity for a bit of escape after a day of caring for animals and doing housework or running errands.  If I didn't interact with people on line and watch some old movies I'd starting "speaking" dog and chicken.  To be fair I do talk to one or two ppl on the phone; I'm really not a phone person though. "Social" opportunities are limited around here unless one belongs to a church - which I don't.  I don't want to turn into the "crazy old lady that lives down the road."  Always trying to strike a balance around here - a little tech goes a long way for me.

Would be nice to have a large HD screen or projector to watch movies.

Hearing you on turning into the "crazy old lady" :D  I hid for 5 years in my home after waking and it was very tempting to shut the whole world out forever...  reality was I like people way to much to shut down completely.  As I get older (and perhaps wiser) a better quality of human are in our lives.

We couldn't run our business without some link to the internet. Being in an area that has very low frequency (at this stage) means we have to use a pretty nasty modem to connect however we have found a way to make that safer and never use it when our guests are in.

The tech can be used safely and wisely - not to be confused with smart.

Thanks for the conversation.

I think "crazy old ladies" nowadays are just free spirits. The crazier the better aye Rose!

Yip! ha ha ha

Hulu says it best

Those are insane commercials!  I thought they were fake until I watched on YT and read comments. A link for a google patent that was left there was equally disturbing - called Nervous system manipulation by electromagnetic fields from monitors

The things that go on are mind boggling.  Literally.  Thanks for sharing and the conversation as well.


© 2018   Created by rose.   Powered by

Badges  |  Report an Issue  |  Terms of Service